Date:      Thu, 31 Oct 2002 09:52:11 +0100
From:      Thomas Gielfeldt <thomas@gielfeldt.dk>
To:        freebsd-net@freebsd.org
Subject:   Connecting two LANs via VPN and Filtering
Message-ID:  <MWMail.bnbnrgjr@host.none>

Thomas Gielfeldt <thomas@gielfeldt.dk> wrote on 26-10-02 20:22:15:
Hi

I have now finally bridged my two networks over the internet using vtun + netgraph.


                              +--------------+     <public ip>
                              | Cisco Router |   ---------------
                              +--------------+   <172.16.0.1/16>
                                     |
                                     |
                                     |
                              +--------------+
                              |    Switch    |
                              +--------------+
                             /                \
                            /                  \
                           /                    \
                          /                      \
  <172.16.1.1/16>  +-----------+            +-----------+  <172.16.2.1/16>
 ----------------- | Gateway A |            | Gateway B | -----------------
   <10.0.1.1/16>   +-----------+            +-----------+   <10.0.2.1/16>
                         |                        |
                         |                        |
                         |                        |
    +------------------------------+    +------------------------------+
    |          Network A           |    |          Network B           |
    |                              |    |                              |
    |                              |    |                              |
    |                              |    |                              |
    |  +---------+    +---------+  |    |  +---------+    +---------+  |
    |  | Host A1 |    | Host A2 |  |    |  | Host B1 |    | Host B2 |  |
    |  +---------+    +---------+  |    |  +---------+    +---------+  |
    | <10.0.1.2/16>  <10.0.1.3/16> |    | <10.0.2.2/16>  <10.0.2.3/16> |
    +------------------------------+    +------------------------------+

The VTun creates the interface tap0 and I use the ether.bridge script (found in /usr/share/examples/netgraph/) to bridge the tap0 interface and the LAN interface.
However, now I'm faced with a new problem.
Each net has its own DHCP server, which causes the problem that hosts on e.g. Network B receive an IP from the DHCP server on Network A.
This is not actually a problem, but I would still like to make the separation of the IP ranges for each network.
I was thinking of something like filtering the tap0 on IP level. Ipfilter cannot be used though, as it thinks it receives all data from the LAN interface due to the bridge.
So you probably have to filter via netgraph?
Could somebody please help me on how to solve this. Examples will be appreciated.

Thanks in advance.

Best Regards
Thomas Gielfeldt
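
The match a frame-level filter on the tap0 side of the bridge would need in order to keep each network's DHCP traffic local, as an added example that is not part of the original message. It models the decision in Python and does not configure netgraph; the function names, the sample frames and the assumption that 10.0.1.1 answers DHCP are all constructed for illustration.

```python
import struct

ETH_IPV4, ETH_VLAN, PROTO_UDP = 0x0800, 0x8100, 17
DHCP_PORTS = {67, 68}  # bootps (server) / bootpc (client)

def is_dhcp(frame: bytes) -> bool:
    """True if an Ethernet frame carries IPv4/UDP to or from port 67/68."""
    if len(frame) < 14:
        return False
    ethertype, off = struct.unpack_from("!H", frame, 12)[0], 14
    if ethertype == ETH_VLAN:                      # skip one 802.1Q tag
        if len(frame) < 18:
            return False
        ethertype, off = struct.unpack_from("!H", frame, 16)[0], 18
    if ethertype != ETH_IPV4 or len(frame) < off + 20:
        return False                               # ARP etc. is not DHCP
    ver_ihl, proto = frame[off], frame[off + 9]
    ihl = (ver_ihl & 0x0F) * 4                     # IP options shift the UDP header
    frag = struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != PROTO_UDP or frag != 0:
        return False                               # later fragments have no UDP header
    if len(frame) < off + ihl + 4:
        return False
    sport, dport = struct.unpack_from("!HH", frame, off + ihl)
    return sport in DHCP_PORTS or dport in DHCP_PORTS

def tap_verdict(frame: bytes) -> str:
    """Verdict for a frame about to cross tap0: DHCP stays local, the rest is bridged."""
    return "drop" if is_dhcp(frame) else "pass"

def build_frame(src_ip, dst_ip, sport, dport, vlan=None, proto=PROTO_UDP):
    """Constructed sample: Ethernet + minimal IPv4 + 8-byte L4 header, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    tag = b"" if vlan is None else struct.pack("!HH", ETH_VLAN, vlan)
    return (b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + tag
            + struct.pack("!H", ETH_IPV4) + ip + l4)

SAMPLES = {  # constructed frames; the DHCP server address is an assumption
    "client DHCPDISCOVER": build_frame("0.0.0.0", "255.255.255.255", 68, 67),
    "server reply":        build_frame("10.0.1.1", "255.255.255.255", 67, 68),
    "Host A1 -> Host B1":  build_frame("10.0.1.2", "10.0.2.2", 40000, 53),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:22} {tap_verdict(frame)}")
```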

